Full Disclosure mailing list archives
UDP bypassing in Kerio Firewall 2.1.4
From: "David F. Madrid" <conde0 () telefonica net>
Date: Tue, 22 Apr 2003 11:57:50 -0300 (ART)
Issue : UDP bypassing in Kerio Firewall Affected product : Kerio Firewall 2.1.4 ( last build in his website ) Vendor status : vendor was contacted months ago Tested Enviroment : switched LAN Description : Kerio develops a free firewall thats ships with default rules . Every incoming / outgoing packet is compared against the default ruleset . As the first rule accepts incoming packets if remote port is equal to 53 ( DNS ) the firewall can be easily bypassed just setting the source port of the attack to 53 Exploit : nmap -v -P0 -sU -p 1900 192.168.0.5 -g 53 Recomendations : set a rule to restrict the local ports to a range of 1024-5000 for DNS connections -- Regards , David F. Madrid Madrid , Spain www.nautopia.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- UDP bypassing in Kerio Firewall 2.1.4 David F. Madrid (Apr 22)